KabukiRoad

JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Sep 12 19:35:32 2010 Found and removed: C:\Documents and Settings\user\Application Data\Sun\Java\jre1.6.0_13 Found and removed: C:\Documents and Settings\user\Application Data\Sun\Java\jre1.6.0_14 Found and removed: C:\Documents and Settings\user\Application Data\Sun\Java\jre1.6.0_15 Found and removed: C:\Documents and Settings\user\Application Data\Sun\Java\jre1.6.0_17 Found and removed: C:\Documents and Settings\user\Application Data\Sun\Java\jre1.6.0_19 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\JavaPlugin.160_20 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_20 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_20 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: Software\Classes\JavaPlugin.160_20 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_20 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_20 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Sep 12 19:36:28 2010 ------------------------------------ Finished reporting.

The ESET Scan turned up no results, however my Symantec onaccess scanner turned up these...

Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4596 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 9/11/2010 6:55:39 PM mbam-log-2010-09-11 (18-55-39).txt Scan type: Quick scan Objects scanned: 139392 Time elapsed: 6 minute(s), 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Here is the ComboFix log, and I thank you very much for your help. ComboFix 10-09-09.04 - user 09/10/2010 23:31:23.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1410 [GMT -4:00] Running from: c:\documents and settings\user\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1368 [VPS 100831-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . E:\Autorun.inf Infected copy of c:\windows\system32\DRIVERS\intelide.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 ))))))))))))))))))))))))))))))) . 2010-09-11 03:25 . 2008-04-13 18:40 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys 2010-09-11 03:25 . 2008-04-13 18:40 5504 ----a-w- c:\windows\system32\drivers\intelide.sys 2010-09-11 03:04 . 2010-09-11 03:04 -------- d-----w- C:\_OTL 2010-08-30 01:50 . 2010-09-04 05:41 -------- d-----w- c:\windows\BDOSCAN8 2010-08-29 22:37 . 2010-08-29 22:37 -------- d-----w- c:\documents and settings\Aunty Julie\Application Data\Malwarebytes 2010-08-25 05:36 . 2010-08-25 05:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-08-19 03:07 . 2010-08-19 03:07 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2010-08-19 03:07 . 2010-08-25 04:07 -------- d-----w- c:\documents and settings\user\Application Data\skypePM 2010-08-19 03:05 . 2010-08-25 06:54 -------- d-----w- c:\documents and settings\user\Application Data\Skype 2010-08-19 03:03 . 2010-08-26 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-11 03:42 . 2009-04-03 19:51 -------- d-----w- c:\program files\Symantec AntiVirus 2010-09-06 03:01 . 2009-05-16 01:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-08-29 22:38 . 2009-04-03 19:35 38805 ----a-w- c:\windows\system32\nvModes.dat 2010-08-28 22:50 . 2010-06-27 02:03 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-08-28 22:49 . 2010-08-28 22:49 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-08-28 22:49 . 2010-06-27 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX 2010-08-28 22:49 . 2009-05-11 01:23 -------- d-----w- c:\program files\DivX 2010-08-28 22:49 . 2010-08-28 22:49 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe 2010-08-28 22:49 . 2010-08-28 22:49 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe 2010-08-28 22:49 . 2010-08-28 22:49 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe 2010-08-28 22:48 . 2010-08-28 22:48 84063 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe 2010-08-28 22:48 . 2010-08-28 22:48 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe 2010-08-28 22:45 . 2010-08-28 22:49 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll 2010-08-28 22:45 . 2010-07-09 02:28 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-08-28 22:45 . 2010-06-27 01:04 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll 2010-08-28 22:42 . 2010-06-27 01:04 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe 2010-08-26 16:16 . 2009-04-09 07:16 -------- d-----w- c:\documents and settings\user\Application Data\BitTorrent 2010-08-26 02:05 . 2009-04-09 07:16 -------- d-----w- c:\program files\BitTorrent 2010-08-11 01:40 . 2009-04-08 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-08-09 23:19 . 2009-05-11 05:29 -------- d-----w- c:\documents and settings\user\Application Data\DivX 2010-08-08 23:30 . 2010-08-08 23:30 503808 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7ee8a22b-n\msvcp71.dll 2010-08-08 23:30 . 2010-08-08 23:30 499712 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7ee8a22b-n\jmc.dll 2010-08-08 23:30 . 2010-08-08 23:30 348160 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7ee8a22b-n\msvcr71.dll 2010-08-08 23:30 . 2010-08-08 23:30 61440 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5e123e51-n\decora-sse.dll 2010-08-08 23:30 . 2010-08-08 23:30 12800 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5e123e51-n\decora-d3d.dll 2010-08-05 18:44 . 2010-08-28 22:46 64512 ----a-w- c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\lgj3olcf.default\extensions\twitternotifier@naan.net\platform\WINNT_gecko2\components\nsTwitterFoxSign.dll 2010-08-05 18:41 . 2010-08-28 22:46 66048 ----a-w- c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\lgj3olcf.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll 2010-08-05 01:41 . 2009-04-06 03:53 51784 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-08-05 00:27 . 2010-07-10 00:06 -------- d-----w- c:\program files\iTunes 2010-08-05 00:25 . 2010-08-05 00:25 -------- d-----w- c:\program files\iPod 2010-08-05 00:25 . 2009-04-06 01:41 -------- d-----w- c:\program files\Common Files\Apple 2010-08-05 00:18 . 2010-08-05 00:18 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe 2010-06-30 12:31 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-27 01:03 . 2010-06-27 01:03 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe 2010-06-27 01:03 . 2010-06-27 01:03 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe 2010-06-27 01:03 . 2010-06-27 01:03 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe 2010-06-27 01:03 . 2010-06-27 01:03 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe 2010-06-27 01:03 . 2010-06-27 01:03 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe 2010-06-27 01:03 . 2010-06-27 01:03 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe 2010-06-27 01:03 . 2010-06-27 01:03 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe 2010-06-27 01:02 . 2010-06-27 01:02 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe 2010-06-27 01:02 . 2010-06-27 01:02 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe 2010-06-27 01:02 . 2010-06-27 01:02 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe 2010-06-27 01:01 . 2010-06-27 01:01 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe 2010-06-27 01:01 . 2010-06-27 01:01 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe 2010-06-24 12:22 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-23 13:44 . 2004-08-04 10:00 1851904 ----a-w- c:\windows\system32\win32k.sys 2010-06-21 15:27 . 2004-08-04 10:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-17 14:03 . 2004-08-04 10:00 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 14:31 . 2009-04-03 18:06 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-14 07:41 . 2004-08-04 10:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2010-06-14 02:33 . 2010-06-14 02:33 50354 ----a-w- c:\documents and settings\user\Application Data\Facebook\uninstall.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504] "Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7561216] "nwiz"="nwiz.exe" [2006-05-01 1519616] "NVHotkey"="nvHotkey.dll" [2006-05-01 73728] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168] "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-06-29 1032192] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-11-04 597792] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BitTorrent\\BitTorrent.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "11553:TCP"= 11553:TCP:BitComet 11553 TCP "11553:UDP"= 11553:UDP:BitComet 11553 UDP R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/18/2009 9:18 PM 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/18/2009 9:18 PM 20560] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/29/2010 6:21 PM 102448] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [11/25/2009 3:33 AM 16512] S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [5/21/2008 7:42 AM 64000] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 9:33 PM 116464] . Contents of the 'Scheduled Tasks' folder 2009-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2010-09-11 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\lgj3olcf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query= FF - prefs.js: network.proxy.type - 0 FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\lgj3olcf.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll FF - plugin: c:\documents and settings\user\Application Data\Facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\user\Application Data\Move Networks\plugins\npqmp071503000010.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll ---- FIREFOX POLICIES ---- FF - user.js: browser.sessionstore.resume_from_crash - false FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(general.useragent.extra.zencast, c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-09-10 23:41 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3568) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Creative\Shared Files\CTDevSrv.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\rundll32.exe c:\program files\Symantec AntiVirus\Rtvscan.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2010-09-10 23:47:46 - machine was rebooted ComboFix-quarantined-files.txt 2010-09-11 03:47 Pre-Run: 13,258,416,128 bytes free Post-Run: 13,234,884,608 bytes free - - End Of File - - B6612988640376735F821D4E32EDA4E8

Please, surely someone would be kind enough to help. I'm a law school student, and am virtually crippled without my laptop. Any help would be greatly appreciated.

OTL Extras OTL Extras logfile created on: 9/5/2010 10:49:49 PM - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\user\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 13.96 Gb Free Space | 18.73% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: USER-4B59606A60 Current User Name: user Logged in as Administrator. Current Boot Mode: SafeMode with Networking Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "11553:TCP" = 11553:TCP:*:Enabled:BitComet 11553 TCP "11553:UDP" = 11553:UDP:*:Enabled:BitComet 11553 UDP ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC) "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder "{06276C76-80C8-40A9-B0B4-36B2104FD7F3}" = MediaDirect "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 20 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet "{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AIM Toolbar" = AIM Toolbar "AIM_7" = AIM 7 "Audacity_is1" = Audacity 1.2.6 "avast!" = avast! Antivirus "CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem "Creative Centrale" = Creative Centrale "Creative Removable Disk Manager" = Creative Removable Disk Manager "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX Setup "ESET Online Scanner" = ESET Online Scanner v3 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSCSR" = Microsoft Speech Recognition Engine 4.0 (English) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "VLC media player" = VLC media player 1.1.0 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "ZENMozaicUG" = Creative ZEN Mozaic User's Guide ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent" = BitTorrent "Facebook Plug-In" = Facebook Plug-In "Move Media Player" = Move Media Player ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 9/5/2010 10:50:24 AM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: Standard Shield provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 9/5/2010 4:49:31 PM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: Instant Messaging provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 9/5/2010 4:49:31 PM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: P2P provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 9/5/2010 4:49:31 PM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: Standard Shield provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 9/5/2010 9:15:35 PM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: Instant Messaging provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 9/5/2010 9:15:35 PM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: P2P provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 9/5/2010 9:15:36 PM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: Standard Shield provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 9/5/2010 9:25:22 PM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: Instant Messaging provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 9/5/2010 9:25:22 PM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: P2P provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 9/5/2010 9:25:22 PM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: Standard Shield provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. [ Application Events ] Error - 9/5/2010 7:33:42 PM | Computer Name = USER-4B59606A60 | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally Error - 9/5/2010 7:33:43 PM | Computer Name = USER-4B59606A60 | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error - 9/5/2010 8:45:46 PM | Computer Name = USER-4B59606A60 | Source = Bonjour Service | ID = 100 Description = 464: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 9/5/2010 8:45:46 PM | Computer Name = USER-4B59606A60 | Source = Bonjour Service | ID = 100 Description = 308: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 9/5/2010 8:45:46 PM | Computer Name = USER-4B59606A60 | Source = Bonjour Service | ID = 100 Description = 324: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 9/5/2010 8:45:46 PM | Computer Name = USER-4B59606A60 | Source = Bonjour Service | ID = 100 Description = 456: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 9/5/2010 8:45:46 PM | Computer Name = USER-4B59606A60 | Source = Bonjour Service | ID = 100 Description = 476: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 9/5/2010 8:45:46 PM | Computer Name = USER-4B59606A60 | Source = Bonjour Service | ID = 100 Description = 488: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 9/5/2010 8:45:46 PM | Computer Name = USER-4B59606A60 | Source = Bonjour Service | ID = 100 Description = 500: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 9/5/2010 10:41:18 PM | Computer Name = USER-4B59606A60 | Source = Symantec AntiVirus | ID = 16711685 Description = Risk Found!Risk: Trojan.Gen in File: C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\17\48173611-6338f01d>>________vload.class by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Risk Found!Risk: in File: C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\17\48173611-6338f01d by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Risk Found!Risk: Trojan.Gen in File: C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\48\4084a7b0-2e7a8217>>________vload.class by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Risk Found!Risk: in File: C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\48\4084a7b0-2e7a8217 by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. [ System Events ] Error - 9/5/2010 9:15:38 PM | Computer Name = USER-4B59606A60 | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. Error - 9/5/2010 9:15:38 PM | Computer Name = USER-4B59606A60 | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 9/5/2010 9:16:42 PM | Computer Name = USER-4B59606A60 | Source = Service Control Manager | ID = 7000 Description = The adfs service failed to start due to the following error: %%2 Error - 9/5/2010 9:25:34 PM | Computer Name = USER-4B59606A60 | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. Error - 9/5/2010 9:25:34 PM | Computer Name = USER-4B59606A60 | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 9/5/2010 9:25:43 PM | Computer Name = USER-4B59606A60 | Source = Service Control Manager | ID = 7000 Description = The adfs service failed to start due to the following error: %%2 Error - 9/5/2010 10:47:39 PM | Computer Name = USER-4B59606A60 | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. Error - 9/5/2010 10:47:39 PM | Computer Name = USER-4B59606A60 | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 9/5/2010 10:47:50 PM | Computer Name = USER-4B59606A60 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 9/5/2010 10:49:04 PM | Computer Name = USER-4B59606A60 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Aavmker4 APPDRV aswSP eeCtrl Fips intelppm nvport SAVRT SAVRTPEL SPBBCDrv SYMTDI < End of report > ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "11553:TCP" = 11553:TCP:*:Enabled:BitComet 11553 TCP "11553:UDP" = 11553:UDP:*:Enabled:BitComet 11553 UDP ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC) "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder "{06276C76-80C8-40A9-B0B4-36B2104FD7F3}" = MediaDirect "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 20 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet "{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AIM Toolbar" = AIM Toolbar "AIM_7" = AIM 7 "Audacity_is1" = Audacity 1.2.6 "avast!" = avast! Antivirus "CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem "Creative Centrale" = Creative Centrale "Creative Removable Disk Manager" = Creative Removable Disk Manager "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX Setup "ESET Online Scanner" = ESET Online Scanner v3 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSCSR" = Microsoft Speech Recognition Engine 4.0 (English) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "VLC media player" = VLC media player 1.1.0 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "ZENMozaicUG" = Creative ZEN Mozaic User's Guide ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent" = BitTorrent "Facebook Plug-In" = Facebook Plug-In "Move Media Player" = Move Media Player ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 9/5/2010 10:50:24 AM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: Standard Shield provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 9/5/2010 4:49:31 PM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: Instant Messaging provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 9/5/2010 4:49:31 PM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: P2P provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 9/5/2010 4:49:31 PM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: Standard Shield provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 9/5/2010 9:15:35 PM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: Instant Messaging provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 9/5/2010 9:15:35 PM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: P2P provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 9/5/2010 9:15:36 PM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: Standard Shield provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 9/5/2010 9:25:22 PM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: Instant Messaging provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 9/5/2010 9:25:22 PM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: P2P provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 9/5/2010 9:25:22 PM | Computer Name = USER-4B59606A60 | Source = avast! | ID = 33554522 Description = AAVM - initialization error: Standard Shield provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. [ Application Events ] Error - 9/5/2010 7:33:42 PM | Computer Name = USER-4B59606A60 | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally Error - 9/5/2010 7:33:43 PM | Computer Name = USER-4B59606A60 | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error - 9/5/2010 8:45:46 PM | Computer Name = USER-4B59606A60 | Source = Bonjour Service | ID = 100 Description = 464: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 9/5/2010 8:45:46 PM | Computer Name = USER-4B59606A60 | Source = Bonjour Service | ID = 100 Description = 308: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 9/5/2010 8:45:46 PM | Computer Name = USER-4B59606A60 | Source = Bonjour Service | ID = 100 Description = 324: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 9/5/2010 8:45:46 PM | Computer Name = USER-4B59606A60 | Source = Bonjour Service | ID = 100 Description = 456: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 9/5/2010 8:45:46 PM | Computer Name = USER-4B59606A60 | Source = Bonjour Service | ID = 100 Description = 476: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 9/5/2010 8:45:46 PM | Computer Name = USER-4B59606A60 | Source = Bonjour Service | ID = 100 Description = 488: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 9/5/2010 8:45:46 PM | Computer Name = USER-4B59606A60 | Source = Bonjour Service | ID = 100 Description = 500: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 9/5/2010 10:41:18 PM | Computer Name = USER-4B59606A60 | Source = Symantec AntiVirus | ID = 16711685 Description = Risk Found!Risk: Trojan.Gen in File: C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\17\48173611-6338f01d>>________vload.class by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Risk Found!Risk: in File: C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\17\48173611-6338f01d by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Risk Found!Risk: Trojan.Gen in File: C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\48\4084a7b0-2e7a8217>>________vload.class by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Risk Found!Risk: in File: C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\48\4084a7b0-2e7a8217 by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. [ System Events ] Error - 9/5/2010 9:15:38 PM | Computer Name = USER-4B59606A60 | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. Error - 9/5/2010 9:15:38 PM | Computer Name = USER-4B59606A60 | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 9/5/2010 9:16:42 PM | Computer Name = USER-4B59606A60 | Source = Service Control Manager | ID = 7000 Description = The adfs service failed to start due to the following error: %%2 Error - 9/5/2010 9:25:34 PM | Computer Name = USER-4B59606A60 | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. Error - 9/5/2010 9:25:34 PM | Computer Name = USER-4B59606A60 | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 9/5/2010 9:25:43 PM | Computer Name = USER-4B59606A60 | Source = Service Control Manager | ID = 7000 Description = The adfs service failed to start due to the following error: %%2 Error - 9/5/2010 10:47:39 PM | Computer Name = USER-4B59606A60 | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. Error - 9/5/2010 10:47:39 PM | Computer Name = USER-4B59606A60 | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 9/5/2010 10:47:50 PM | Computer Name = USER-4B59606A60 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 9/5/2010 10:49:04 PM | Computer Name = USER-4B59606A60 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Aavmker4 APPDRV aswSP eeCtrl Fips intelppm nvport SAVRT SAVRTPEL SPBBCDrv SYMTDI < End of report >

OTL results OTL logfile created on: 9/6/2010 6:17:04 PM - Run 2 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\user\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 11.96 Gb Free Space | 16.05% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 232.88 Gb Total Space | 148.00 Gb Free Space | 63.55% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: USER-4B59606A60 Current User Name: user Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/09/05 20:45:38 | 000,676,352 | ---- | M] () -- C:\Documents and Settings\user\Application Data\antispy.exe PRC - [2010/09/05 00:02:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2009/11/24 19:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009/11/04 18:20:14 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/04/02 02:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe PRC - [2006/09/27 21:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe PRC - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe PRC - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe PRC - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe PRC - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe PRC - [2006/07/19 20:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe PRC - [2006/06/29 12:13:32 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe PRC - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe PRC - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe ========== Modules (SafeList) ========== MOD - [2010/09/05 00:02:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2009/04/08 08:53:17 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service) SRV - [2008/05/21 07:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv) SRV - [2007/04/02 02:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv) SRV - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam) SRV - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch) SRV - [2006/09/02 17:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate) SRV - [2006/08/07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc) SRV - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr) SRV - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr) SRV - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC) SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS -- (OMCI) DRV - [2010/07/15 04:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100905.003\NAVEX15.SYS -- (NAVEX15) DRV - [2010/07/15 04:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100905.003\NAVENG.SYS -- (NAVENG) DRV - [2010/06/17 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2010/05/29 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009/11/24 19:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2009/11/24 19:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2009/11/24 19:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2009/11/24 19:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009/04/15 16:25:42 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k) DRV - [2009/04/15 16:25:42 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp) DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2008/04/13 14:40:29 | 000,005,504 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde) DRV - [2006/10/29 16:16:24 | 000,156,160 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2006/10/29 16:12:58 | 001,041,536 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2006/10/29 16:12:58 | 000,200,064 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH) DRV - [2006/10/29 16:12:56 | 000,685,056 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2006/10/29 16:12:16 | 003,298,432 | R--- | M] (Intel

Hello, I am having a problem with the Microsoft Security Essentials Alert trojan. Malwarebytes will not remove it. I attempted to use rkill, but the trojan wont let it run. I also attempted to use safemode, and I still can't get around it. I can't open Firefox, Explorer, iTunes, or AIM. I ran an OTL scan and have included the results below. Since I must impose on others or use a library computer to communicate with you, there may be some delay in my responses. Any aid you could provide would be wonderful. Thank you for your time and attention.

Nope, they are all gone. <3

Slower I meant.

The redirects have stopped, but Firefox seems to load lower than usual. Though that may be my imagination. Thank you for your patience and the time and effort you expended on my behalf. I don't know what I would have done without you Sentinel.

Here is the info.txt contents... info.txt logfile of random's system information tool 1.06 2010-06-06 18:16:14 ======Uninstall list====== -->"C:\Documents and Settings\All Users\Application Data\{26D901A1-2540-4430-81DC-0317F01BD7BE}\setup.exe" REMOVE=TRUE MODIFY=FALSE -->"C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x0009 -->"C:\Program Files\Creative Installation Information\CREATIVE_SMARTFILL\Setup.exe" /remove /l0x0009 -->"C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x0009 -->"C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x0009 -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40} Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.3.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001} AIM 7-->C:\Program Files\AIM\uninst.exe AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe" Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} C-Major Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly Conexant D110 MDC V.9x Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf Creative Centrale-->"C:\Documents and Settings\All Users\Application Data\{C1715F68-3FE6-43EA-8B99-D0263460C398}\Setup.exe" REMOVE=TRUE MODIFY=FALSE Creative Centrale-->C:\Documents and Settings\All Users\Application Data\{C1715F68-3FE6-43EA-8B99-D0263460C398}\Setup.exe Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove Creative Software Update-->C:\Documents and Settings\All Users\Application Data\{26D901A1-2540-4430-81DC-0317F01BD7BE}\setup.exe Creative ZEN Mozaic User's Guide-->"C:\Program Files\Creative\Creative ZEN Mozaic\UGRemove.exe" /Product_Name:ZENMozaicUG Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Dell Resource CD-->MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0} DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe" Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe" iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5} Java 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF} LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U Malwarebytes' Anti-Malware-->"C:\Program Files\SecToolEater\unins000.exe" MediaDirect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06276C76-80C8-40A9-B0B4-36B2104FD7F3}\SETUP.EXE" -l0x9 Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Speech Recognition Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mscsr.inf, Uninstall.NT Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI NVIDIA PureVideo Decoder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18} QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4 QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A} Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050} Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe" Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe" Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe" Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe" Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe" Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe" Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe" Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe" Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe" Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe" Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe" Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe" Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe" Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe" Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Symantec AntiVirus-->MsiExec.exe /I{33CFCF98-F8D6-4549-B469-6F4295676D83} System Requirements Lab-->MsiExec.exe /I{9E1BAB75-EB78-440D-94C0-A3857BE2E733} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79} Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF} Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe" Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe" Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421} Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe ZEN V Series Media Explorer-->"C:\Program Files\Creative Installation Information\ZEN_V_SERIES_MEDIA_EXPLORER\Setup.exe" /remove /l0x0009 ======Security center information====== AV: avast! antivirus 4.8.1368 [VPS 100606-1] (disabled) AV: Symantec AntiVirus Corporate Edition (disabled) ======System event log====== Computer Name: USER-4B59606A60 Event Code: 1003 Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0013CE46C64E. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 15416 Source Name: Dhcp Time Written: 20100507164740.000000-240 Event Type: warning User: Computer Name: USER-4B59606A60 Event Code: 1003 Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0013CE46C64E. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 15412 Source Name: Dhcp Time Written: 20100506171301.000000-240 Event Type: warning User: Computer Name: USER-4B59606A60 Event Code: 4226 Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Record Number: 15329 Source Name: Tcpip Time Written: 20100505234035.000000-240 Event Type: warning User: Computer Name: USER-4B59606A60 Event Code: 1000 Message: Your computer has lost the lease to its IP address 192.168.1.2 on the Network Card with network address 0013CE46C64E. Record Number: 15326 Source Name: Dhcp Time Written: 20100505193439.000000-240 Event Type: error User: Computer Name: USER-4B59606A60 Event Code: 1003 Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0013CE46C64E. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 15325 Source Name: Dhcp Time Written: 20100505193439.000000-240 Event Type: warning User: =====Application event log===== Computer Name: USER-4B59606A60 Event Code: 1000 Message: Faulting application aldoscapture.exe, version 1.0.0.1, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb. Record Number: 3646 Source Name: Application Error Time Written: 20100411165659.000000-240 Event Type: error User: Computer Name: USER-4B59606A60 Event Code: 1002 Message: Hanging application firefox.exe, version 1.9.1.3685, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Record Number: 3554 Source Name: Application Hang Time Written: 20100310215755.000000-300 Event Type: error User: Computer Name: USER-4B59606A60 Event Code: 1002 Message: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Record Number: 3486 Source Name: Application Hang Time Written: 20100218175320.000000-300 Event Type: error User: Computer Name: USER-4B59606A60 Event Code: 1002 Message: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Record Number: 3485 Source Name: Application Hang Time Written: 20100218175319.000000-300 Event Type: error User: Computer Name: USER-4B59606A60 Event Code: 1002 Message: Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Record Number: 3446 Source Name: Application Hang Time Written: 20100124002433.000000-300 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\DivX Shared;C:\Program Files\QuickTime\QTSystem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel "PROCESSOR_REVISION"=0d08 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------

Here's the log.txt contents... Logfile of random's system information tool 1.07 (written by random/random) Run by user at 2010-06-06 18:15:59 Microsoft Windows XP Professional Service Pack 3 System drive C: has 3 GB (4%) free of 76 GB Total RAM: 2047 MB (66% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 6:16:12 PM, on 6/6/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Dell\QuickSet\Quickset.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Creative\Software Update 3\SoftAuto.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\AIM\aim.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Shared Files\CTDevSrv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\user\Desktop\RSIT.exe C:\Program Files\trend micro\user.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [softAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 8954 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\OGALogon.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 118844] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}] AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-05-31 122941] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-01 7561216] "nwiz"=nwiz.exe /installquiet [] "NVHotkey"=nvHotkey.dll,Start [] "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896] "vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-09-27 125168] "Dell QuickSet"=C:\Program Files\Dell\QuickSet\Quickset.exe [2006-06-29 1032192] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTSyncU.exe"=C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [2007-05-30 868352] "SoftAuto.exe"=C:\Program Files\Creative\Software Update 3\SoftAuto.exe [2008-08-12 405504] "Aim"=C:\Program Files\AIM\aim.exe [2010-03-08 3972440] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\BitTorrent\BitTorrent.exe"="C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] shell\AutoRun\command - E:\LaunchU3.exe -a ======List of files/folders created in the last 1 months====== 2010-06-06 18:15:59 ----D---- C:\rsit 2010-06-06 18:15:59 ----D---- C:\Program Files\trend micro 2010-06-06 18:07:15 ----SHD---- C:\RECYCLER 2010-06-05 02:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$ 2010-06-04 20:55:58 ----D---- C:\Program Files\ESET 2010-06-04 16:24:51 ----A---- C:\ComboFix.txt 2010-06-04 15:24:47 ----A---- C:\Boot.bak 2010-06-04 15:24:39 ----RASHD---- C:\cmdcons 2010-06-04 15:20:08 ----A---- C:\WINDOWS\PEV.exe 2010-06-04 15:20:08 ----A---- C:\WINDOWS\NIRCMD.exe 2010-06-04 15:20:08 ----A---- C:\WINDOWS\MBR.exe 2010-06-04 15:20:07 ----A---- C:\WINDOWS\zip.exe 2010-06-04 15:20:07 ----A---- C:\WINDOWS\SWXCACLS.exe 2010-06-04 15:20:07 ----A---- C:\WINDOWS\SWSC.exe 2010-06-04 15:20:07 ----A---- C:\WINDOWS\SWREG.exe 2010-06-04 15:20:07 ----A---- C:\WINDOWS\sed.exe 2010-06-04 15:20:07 ----A---- C:\WINDOWS\grep.exe 2010-06-04 15:19:36 ----D---- C:\WINDOWS\ERDNT 2010-06-04 15:18:58 ----D---- C:\Qoobox 2010-05-31 20:19:35 ----D---- C:\_OTL 2010-05-30 17:49:31 ----A---- C:\WINDOWS\system32\javaws.exe 2010-05-30 17:49:31 ----A---- C:\WINDOWS\system32\javaw.exe 2010-05-30 17:49:31 ----A---- C:\WINDOWS\system32\java.exe 2010-05-30 17:49:31 ----A---- C:\WINDOWS\system32\deployJava1.dll 2010-05-29 21:28:13 ----D---- C:\Documents and Settings\user\Application Data\QuickScan 2010-05-24 21:57:05 ----A---- C:\WINDOWS\ntbtlog.txt 2010-05-15 14:45:03 ----D---- C:\WINDOWS\speech 2010-05-15 14:44:54 ----D---- C:\WINDOWS\VoiceExplorer 2010-05-15 14:44:53 ----D---- C:\Program Files\Voice 2010-05-15 14:43:01 ----A---- C:\WINDOWS\GPInstall.exe 2010-05-12 19:13:46 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$ ======List of files/folders modified in the last 1 months====== 2010-06-06 18:15:59 ----RD---- C:\Program Files 2010-06-06 18:14:02 ----D---- C:\Program Files\Symantec AntiVirus 2010-06-06 18:12:01 ----D---- C:\WINDOWS\Temp 2010-06-06 18:07:51 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-06-06 09:59:49 ----D---- C:\WINDOWS 2010-06-05 02:53:04 ----HD---- C:\WINDOWS\inf 2010-06-05 02:52:58 ----D---- C:\WINDOWS\system32 2010-06-04 20:47:06 ----D---- C:\WINDOWS\system32\LogFiles 2010-06-04 16:24:55 ----D---- C:\WINDOWS\system32\drivers 2010-06-04 16:23:09 ----D---- C:\WINDOWS\system32\CatRoot2 2010-06-04 16:18:25 ----A---- C:\WINDOWS\system.ini 2010-06-04 16:16:11 ----D---- C:\WINDOWS\system32\config 2010-06-04 16:13:40 ----D---- C:\WINDOWS\AppPatch 2010-06-04 16:13:34 ----D---- C:\Program Files\Common Files 2010-06-04 15:24:47 ----RASH---- C:\boot.ini 2010-06-04 15:19:29 ----D---- C:\WINDOWS\Prefetch 2010-05-31 19:56:23 ----SHD---- C:\WINDOWS\CSC 2010-05-30 17:49:49 ----SHD---- C:\WINDOWS\Installer 2010-05-30 17:49:02 ----D---- C:\Program Files\Java 2010-05-27 18:18:41 ----D---- C:\Program Files\BitComet 2010-05-24 22:57:46 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$ 2010-05-24 22:08:57 ----D---- C:\Program Files\SecToolEater 2010-05-24 22:04:18 ----D---- C:\Documents and Settings\user\Application Data\U3 2010-05-24 21:58:43 ----D---- C:\WINDOWS\network diagnostic 2010-05-21 21:24:21 ----D---- C:\Documents and Settings\user\Application Data\BitTorrent 2010-05-15 14:45:36 ----D---- C:\Program Files\Common Files\Microsoft Shared 2010-05-15 14:45:07 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-05-12 19:14:35 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2010-05-12 19:14:15 ----A---- C:\WINDOWS\imsins.BAK 2010-05-12 19:13:49 ----D---- C:\Program Files\Outlook Express 2010-05-11 23:28:35 ----HD---- C:\WINDOWS\$hf_mig$ ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408] R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128] R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-24 114768] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24 48560] R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2009-04-15 9336] R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2009-04-15 9464] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS\system32\Drivers\nvport.sys [] R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys [] R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys [] R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [] R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627] R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545] R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-24 94160] R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-10-29 13059] R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725] R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845] R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125] R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2241] R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876] R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069] R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365] R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716] R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24 23120] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-10-29 156160] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2006-10-29 1041536] R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2006-10-29 200064] R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100604.006\naveng.sys [] R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100604.006\navex15.sys [] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-01 3653280] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-03-29 9856] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168] R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS [] R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768] R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 w29n51;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2006-10-29 3298432] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-10-29 685056] S1 OMCI;OMCI; \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [] S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [] S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys [] S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys [] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904] S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160] R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032] R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440] R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376] R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-06-29 376832] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-01 143428] R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848] R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568] S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040] S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920] S3 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2009-04-08 69632] S3 CTUPnPSv;Creative Centrale Media Server; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464] S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] -----------------EOF-----------------

ESET scan results C:\System Volume Information\_restore{CBAB263D-314C-4795-A1CA-B193467C8D84}\RP155\A0023526.sys Win32/Olmarik.ZC trojan cleaned - quarantined

When I try to run the scanner I get this ... Launch of the Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program. What should I do?

Here's the ComboFix log in the meantime. Off to Kaspersky I go... ComboFix 10-05-31.02 - user 06/04/2010 16:12:02.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1431 [GMT -4:00] Running from: c:\documents and settings\user\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt AV: avast! antivirus 4.8.1368 [VPS 100604-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Viewpoint c:\program files\Viewpoint\Common\ViewpointService.exe c:\program files\Viewpoint\Common\VistaBoot.sdll c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\VETScriptInterpreter.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe c:\program files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SWFViewHost.dll c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_VIEWPOINT_SERVICE -------\Service_Viewpoint Service ((((((((((((((((((((((((( Files Created from 2010-05-04 to 2010-06-04 ))))))))))))))))))))))))))))))) . 2010-06-01 00:19 . 2010-06-01 00:19 -------- d-----w- C:\_OTL 2010-05-30 21:49 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-05-30 01:28 . 2010-05-30 01:30 -------- d-----w- c:\documents and settings\user\Application Data\QuickScan 2010-05-25 01:10 . 2010-05-25 02:57 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\ylagqoaut 2010-05-15 18:45 . 2010-05-15 18:45 -------- d-----w- c:\windows\speech 2010-05-15 18:44 . 2010-05-15 18:44 -------- d-----w- c:\windows\VoiceExplorer 2010-05-15 18:44 . 2010-05-27 22:21 -------- d-----w- c:\program files\Voice 2010-05-15 18:43 . 2010-05-15 18:43 796672 ----a-w- c:\windows\GPInstall.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-04 20:21 . 2009-04-03 19:51 -------- d-----w- c:\program files\Symantec AntiVirus 2010-05-31 04:04 . 2009-05-16 01:39 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-05-30 21:49 . 2009-04-14 04:25 -------- d-----w- c:\program files\Java 2010-05-30 19:05 . 2010-05-30 19:05 503808 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-225496bf-n\msvcp71.dll 2010-05-30 19:05 . 2010-05-30 19:05 499712 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-225496bf-n\jmc.dll 2010-05-30 19:05 . 2010-05-30 19:05 348160 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-225496bf-n\msvcr71.dll 2010-05-30 19:05 . 2010-05-30 19:05 61440 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2541b078-n\decora-sse.dll 2010-05-30 19:05 . 2010-05-30 19:05 12800 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2541b078-n\decora-d3d.dll 2010-05-27 22:18 . 2010-03-03 00:43 -------- d-----w- c:\program files\BitComet 2010-05-27 15:26 . 2009-04-03 19:35 38805 ----a-w- c:\windows\system32\nvModes.dat 2010-05-25 02:08 . 2009-10-10 16:12 -------- d-----w- c:\program files\SecToolEater 2010-05-25 02:04 . 2009-05-06 00:52 -------- d-----w- c:\documents and settings\user\Application Data\U3 2010-05-22 01:24 . 2009-04-09 07:16 -------- d-----w- c:\documents and settings\user\Application Data\BitTorrent 2010-05-12 23:14 . 2009-04-08 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-04-29 19:39 . 2009-10-10 16:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 19:39 . 2009-10-10 16:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-12 01:25 . 2010-04-12 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM 2010-04-12 01:25 . 2010-04-12 01:24 -------- d-----w- c:\program files\AIM 2010-04-01 21:40 . 2010-04-01 21:40 61440 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2f915f9e-n\decora-sse.dll 2010-04-01 21:40 . 2010-04-01 21:40 503808 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ec1ecaf-n\msvcp71.dll 2010-04-01 21:40 . 2010-04-01 21:40 499712 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ec1ecaf-n\jmc.dll 2010-04-01 21:40 . 2010-04-01 21:40 348160 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ec1ecaf-n\msvcr71.dll 2010-04-01 21:40 . 2010-04-01 21:40 12800 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2f915f9e-n\decora-d3d.dll 2010-03-28 03:45 . 2009-04-06 03:53 51784 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-26 01:49 . 2010-05-11 16:32 66048 ----a-w- c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\lgj3olcf.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll 2010-03-25 01:31 . 2010-03-25 01:31 85504 -c--a-w- c:\documents and settings\user\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll 2010-03-10 06:15 . 2004-08-04 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll 2009-09-25 16:41 . 2009-09-25 16:41 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-09-25 16:41 . 2009-09-25 16:41 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((( SnapShot@2010-06-04_19.38.11 ))))))))))))))))))))))))))))))))))))))))) . + 2010-06-04 20:18 . 2010-06-04 20:18 16384 c:\windows\Temp\Perflib_Perfdata_788.dat + 2010-06-04 20:18 . 2010-06-04 20:18 16384 c:\windows\Temp\Perflib_Perfdata_1dc.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 868352] "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504] "Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7561216] "nwiz"="nwiz.exe" [2006-05-01 1519616] "NVHotkey"="nvHotkey.dll" [2006-05-01 73728] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168] "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-06-29 1032192] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BitTorrent\\BitTorrent.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AIM\\aim.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "11553:TCP"= 11553:TCP:BitComet 11553 TCP "11553:UDP"= 11553:UDP:BitComet 11553 UDP R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/18/2009 9:18 PM 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/18/2009 9:18 PM 20560] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/29/2010 6:21 PM 102448] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [11/25/2009 3:33 AM 16512] S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [5/21/2008 7:42 AM 64000] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 9:33 PM 116464] . Contents of the 'Scheduled Tasks' folder 2009-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2010-06-04 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07] . . ------- Supplementary Scan ------- . IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\lgj3olcf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query= FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\lgj3olcf.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll FF - plugin: c:\documents and settings\user\Application Data\Move Networks\plugins\npqmp071503000010.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll ---- FIREFOX POLICIES ---- FF - user.js: browser.sessionstore.resume_from_crash - false FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORPHANS REMOVED - - - - AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-04 16:19 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2280) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\CTsvcCDA.exe c:\program files\Creative\Shared Files\CTDevSrv.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\rundll32.exe c:\program files\Symantec AntiVirus\Rtvscan.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\windows\system32\wscntfy.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2010-06-04 16:24:51 - machine was rebooted ComboFix-quarantined-files.txt 2010-06-04 20:24 ComboFix2.txt 2010-06-04 19:40 Pre-Run: 3,070,418,944 bytes free Post-Run: 2,932,445,184 bytes free - - End Of File - - 2DF222DB419B7E7ABD4194C79B62F471

Thank you very much. I apologize for the wait. Here it is... ComboFix 10-05-31.02 - user 06/04/2010 15:30:42.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1415 [GMT -4:00] Running from: c:\documents and settings\user\Desktop\Combo-Fix.exe AV: avast! antivirus 4.8.1368 [VPS 100604-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . Infected copy of c:\windows\system32\drivers\dmio.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((( Files Created from 2010-05-04 to 2010-06-04 ))))))))))))))))))))))))))))))) . 2010-06-01 00:19 . 2010-06-01 00:19 -------- d-----w- C:\_OTL 2010-05-30 21:49 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-05-30 19:05 . 2010-05-30 19:05 503808 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-225496bf-n\msvcp71.dll 2010-05-30 19:05 . 2010-05-30 19:05 499712 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-225496bf-n\jmc.dll 2010-05-30 19:05 . 2010-05-30 19:05 348160 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-225496bf-n\msvcr71.dll 2010-05-30 19:05 . 2010-05-30 19:05 61440 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2541b078-n\decora-sse.dll 2010-05-30 19:05 . 2010-05-30 19:05 12800 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2541b078-n\decora-d3d.dll 2010-05-30 01:28 . 2010-05-30 01:30 -------- d-----w- c:\documents and settings\user\Application Data\QuickScan 2010-05-25 01:10 . 2010-05-25 02:57 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\ylagqoaut 2010-05-15 18:45 . 2010-05-15 18:45 -------- d-----w- c:\windows\speech 2010-05-15 18:44 . 2010-05-15 18:44 -------- d-----w- c:\windows\VoiceExplorer 2010-05-15 18:44 . 2010-05-27 22:21 -------- d-----w- c:\program files\Voice 2010-05-15 18:43 . 2010-05-15 18:43 796672 ----a-w- c:\windows\GPInstall.exe 2010-05-11 16:32 . 2010-03-26 01:49 66048 ----a-w- c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\lgj3olcf.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-04 19:30 . 2009-04-03 19:51 -------- d-----w- c:\program files\Symantec AntiVirus 2010-05-31 04:04 . 2009-05-16 01:39 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-05-30 21:49 . 2009-04-14 04:25 -------- d-----w- c:\program files\Java 2010-05-27 22:18 . 2010-03-03 00:43 -------- d-----w- c:\program files\BitComet 2010-05-27 15:26 . 2009-04-03 19:35 38805 ----a-w- c:\windows\system32\nvModes.dat 2010-05-25 02:08 . 2009-10-10 16:12 -------- d-----w- c:\program files\SecToolEater 2010-05-25 02:04 . 2009-05-06 00:52 -------- d-----w- c:\documents and settings\user\Application Data\U3 2010-05-22 01:24 . 2009-04-09 07:16 -------- d-----w- c:\documents and settings\user\Application Data\BitTorrent 2010-05-12 23:14 . 2009-04-08 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-04-29 19:39 . 2009-10-10 16:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 19:39 . 2009-10-10 16:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-12 01:25 . 2010-04-12 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM 2010-04-12 01:25 . 2010-04-12 01:24 -------- d-----w- c:\program files\AIM 2010-04-01 21:40 . 2010-04-01 21:40 61440 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2f915f9e-n\decora-sse.dll 2010-04-01 21:40 . 2010-04-01 21:40 503808 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ec1ecaf-n\msvcp71.dll 2010-04-01 21:40 . 2010-04-01 21:40 499712 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ec1ecaf-n\jmc.dll 2010-04-01 21:40 . 2010-04-01 21:40 348160 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ec1ecaf-n\msvcr71.dll 2010-04-01 21:40 . 2010-04-01 21:40 12800 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2f915f9e-n\decora-d3d.dll 2010-03-28 03:45 . 2009-04-06 03:53 51784 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-25 01:31 . 2010-03-25 01:31 85504 -c--a-w- c:\documents and settings\user\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll 2010-03-10 06:15 . 2004-08-04 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll 2009-09-25 16:41 . 2009-09-25 16:41 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-09-25 16:41 . 2009-09-25 16:41 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 868352] "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504] "Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7561216] "nwiz"="nwiz.exe" [2006-05-01 1519616] "NVHotkey"="nvHotkey.dll" [2006-05-01 73728] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168] "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-06-29 1032192] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BitTorrent\\BitTorrent.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AIM\\aim.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "11553:TCP"= 11553:TCP:BitComet 11553 TCP "11553:UDP"= 11553:UDP:BitComet 11553 UDP R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/18/2009 9:18 PM 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/18/2009 9:18 PM 20560] R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/5/2009 9:03 PM 30152] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/29/2010 6:21 PM 102448] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [11/25/2009 3:33 AM 16512] S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [5/21/2008 7:42 AM 64000] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 9:33 PM 116464] . Contents of the 'Scheduled Tasks' folder 2009-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2010-06-04 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07] . . ------- Supplementary Scan ------- . IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\lgj3olcf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query= FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\lgj3olcf.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll FF - plugin: c:\documents and settings\user\Application Data\Move Networks\plugins\npqmp071503000010.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: browser.sessionstore.resume_from_crash - false FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORPHANS REMOVED - - - - HKLM-Run-SigmaTel Audio - d:\drivers\setup.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-04 15:38 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2010-06-04 15:40:36 ComboFix-quarantined-files.txt 2010-06-04 19:40 Pre-Run: 2,970,476,544 bytes free Post-Run: 3,066,843,136 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - ACEE7E421FA3BC39530455824B1476B9

GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-05-30 03:58:05 Windows 5.1.2600 Service Pack 3 Running: gmer.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\kxwyyfog.sys ---- System - GMER 1.0.15 ---- SSDT 8A46A5E0 ZwAlertResumeThread SSDT 8A49A050 ZwAlertThread SSDT 8A40FDA0 ZwAllocateVirtualMemory SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAC0236B8] SSDT 8A483BF8 ZwConnectPort SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAC023574] SSDT 8A38C6C0 ZwCreateMutant SSDT 8A410F58 ZwCreateThread SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAC023A52] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAC02314C] SSDT 8A3936F8 ZwFreeVirtualMemory SSDT 8A38C330 ZwImpersonateAnonymousToken SSDT 8A38C188 ZwImpersonateThread SSDT 8A359B88 ZwMapViewOfSection SSDT 8A38C810 ZwOpenEvent SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAC02364E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAC02308C] SSDT 8A393A10 ZwOpenProcessToken SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAC0230F0] SSDT 8A3A1830 ZwOpenThreadToken SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAC02376E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAC02372E] SSDT 8A394710 ZwResumeThread SSDT 8A3A40B8 ZwSetContextThread SSDT 8A3933F0 ZwSetInformationProcess SSDT 8A3A4208 ZwSetInformationThread SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAC0238AE] SSDT 8A38C8E8 ZwSuspendProcess SSDT 8A3C1988 ZwSuspendThread SSDT 8A393DB8 ZwTerminateProcess SSDT 8A3B1198 ZwTerminateThread SSDT 8A393578 ZwUnmapViewOfSection SSDT 8A40D580 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2554 80501D8C 5 Bytes [8C, 30, 02, AC, 10] .text ntkrnlpa.exe!ZwCallbackReturn + 255A 80501D92 2 Bytes [39, 8A] .text ntkrnlpa.exe!ZwCallbackReturn + 2760 80501F98 8 Bytes CALL 08DA5865 .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB81F2380, 0x21FEFD, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\Explorer.EXE[500] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F9000A .text C:\WINDOWS\Explorer.EXE[500] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FF000A .text C:\WINDOWS\Explorer.EXE[500] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F8000C .text C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AE000A .text C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AF000A .text C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00AD000C .text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00A8000A .text C:\WINDOWS\System32\svchost.exe[1268] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F3000A ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[952] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003B0002 IAT C:\WINDOWS\system32\services.exe[952] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003B0000 ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Ip aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) ---- EOF - GMER 1.0.15 ----

Here is Extras.Txt Extras.Txt

OTL. Txt OTL logfile created on: 5/29/2010 11:33:26 PM - Run 1 OTL by OldTimer - Version 3.2.5.1 Folder = C:\Documents and Settings\user\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 2.12 Gb Free Space | 2.85% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: USER-4B59606A60 Current User Name: user Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/05/29 23:26:26 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe PRC - [2010/04/06 16:40:56 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2009/11/24 19:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2008/08/12 23:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Software Update 3\SoftAuto.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/04/04 13:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2007/05/30 13:52:32 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe PRC - [2007/04/02 02:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe PRC - [2006/09/27 21:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe PRC - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe PRC - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe PRC - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe PRC - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe PRC - [2006/07/19 20:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe PRC - [2006/06/29 12:13:32 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe PRC - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe PRC - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe ========== Modules (SafeList) ========== MOD - [2010/05/29 23:26:26 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2009/04/08 08:53:17 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service) SRV - [2008/05/21 07:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv) SRV - [2008/04/04 13:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service) SRV - [2007/04/02 02:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv) SRV - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam) SRV - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch) SRV - [2006/09/02 17:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate) SRV - [2006/08/07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc) SRV - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr) SRV - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr) SRV - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC) SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc) ========== Driver Services (SafeList) ========== DRV - [2010/05/29 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2010/05/17 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100529.006\NAVEX15.SYS -- (NAVEX15) DRV - [2010/05/17 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100529.006\NAVENG.SYS -- (NAVENG) DRV - [2009/11/24 19:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) DRV - [2009/11/24 19:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2009/11/24 19:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2009/11/24 19:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009/08/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009/04/15 16:25:42 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k) DRV - [2009/04/15 16:25:42 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp) DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2006/10/29 16:16:24 | 000,156,160 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2006/10/29 16:12:58 | 001,041,536 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2006/10/29 16:12:58 | 000,200,064 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH) DRV - [2006/10/29 16:12:56 | 000,685,056 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2006/10/29 16:12:16 | 003,298,432 | R--- | M] (Intel

A few days ago my computer was attacked by Antispyware soft. I thought Malwarebytes had removed it. Subsequent scans by Mbytes and Symantec Antivirus report no infection. I am really very ignorant about how computers function so the most simple "Idiots guide" instructions/help will be greatly appreciated. Thank your time, and for any aid you may provide.